| Win32 Rootkit的进程隐藏检测技术 |
| |
| 引用本文: | 林卫亮,王轶骏,薛质.Win32 Rootkit的进程隐藏检测技术[J].信息安全与通信保密,2009(3):62-63. |
| |
| 作者姓名: | 林卫亮 王轶骏 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 摘 要: | Rootkit是现今一种越来越流行的系统底层隐蔽机制及其相应的实现程序,能够让攻击者长期保持对系统的最高控制权限,其中,实现进程的隐藏是Rootkit的最常见功能之一。论文针对Win32 Rootkit的进程隐藏检测的若干技术方法进行了深入研究和实现,分析比较了各自的优缺点,并最终提出了这项技术在未来的展望。
|
| 关 键 词: | Rootkit Win32 进程隐藏 检测 |
Technology of Hidden Process Rootkit on Win32 |
| |
| LIN Wei-liang,WANG Yi-jun,XUE Zhi.Technology of Hidden Process Rootkit on Win32[J].China Information Security,2009(3):62-63. |
| |
| Authors: | LIN Wei-liang WANG Yi-jun XUE Zhi |
| |
| Affiliation: | (Information Security Engeneering School of Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | Rootkit is a system layer hidden mechanism and implementation program and is becoming more and more popular. It is designed to take fundamental control of a computer system, without authorization by the system owners and legitimate managers. Concealing running processes is one of the Win32 Rootkit's standard functions. In this paper, the techniques for detecting this kind of Win32 Rootkit, are studiues and implemented their advantages and disadvantages analyzed and compaired, Finally, some prospects for this technique are proposed. |
| |
| Keywords: | Rootkit Win32 |
| 本文献已被 维普 万方数据 等数据库收录! |
|
